Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Typosquatters Target Anti-Virus Vendors

Scammers are registering misspelled domain names of security vendors and using Google's AdSense to redirect surfers to competing products.

Internet typosquatters are registering misspelled domains of anti-virus vendors and making money by redirecting surfers with Googles AdSense pay-per-click program.

The startling discovery was made by Finnish security vendor F-Secure Corp., a company thats being targeted in the elaborate scam.

In a notice posted online, director of anti-virus research at F-Secure Mikko Hypponen said unknown typosquatters operating out of Panama have registered more than 150 domain names with slight—almost unnoticeable—variations of the target URL.

For example, instead of the legitimate www.f-secure.com, the domains "www-f-secure.com" and "wwwf-secure.com" have been registered and set up to point to "nortpnantivirus.com," which is a misspelling of Symantec Corp.s Norton AntiVirus.

"These guys are fairly serious, looking at the amount of security-related domains theyve registered," Hypponen said, noting that several other high-profile anti-vendors like McAfee Inc., Panda Software Inc., Sendmail Inc. and BitDefender are also being targeted.

The list of misspelled domains registered by the scammers include f-secue.com, mesagelabs.com, mcafeeantiviru.com, bitdefneder.com, pestpatorl.com and centralcomand.com.

A Web surfer that accidentally mistypes a domain is greeted by a page of "Sponsored Links" populated with advertisements powered by the Google AdSense pay-per-click program.

In an interesting twist, the Google ads sometimes point back to a legitimate anti-virus virus vendor, meaning that companies are paying per-click fees to the scammers.

Earlier this year, Google Inc. was itself the target of a Russian typosquatter who registered the "googkle.com," domain and used the site to install Trojan droppers, downloaders, backdoors and spyware when an unsuspecting surfer mistyped the search giants domain name.

Google filed a complaint with the National Arbitration Forum and won the rights to several of the misspelled domain names.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.